| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240913152915.2981126-2-vladimir.oltean@nxp.com>
Date: Fri, 13 Sep 2024 18:29:10 +0300
From: Vladimir Oltean <vladimir.oltean@....com>
To: netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Andrew Lunn <andrew@...n.ch>,
Florian Fainelli <f.fainelli@...il.com>,
Petr Machata <petrm@...dia.com>,
Ido Schimmel <idosch@...dia.com>,
Claudiu Manoil <claudiu.manoil@....com>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
UNGLinuxDriver@...rochip.com,
Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...nulli.us>,
linux-kernel@...r.kernel.org
Subject: [RFC PATCH net-next 1/6] net: sched: propagate "skip_sw" flag to offload for flower and matchall
In some cases, an offloaded filter can only do half the work, and the
rest must be handled by software.
For example, redirecting/mirroring from the ingress of a switchdev port
towards a virtual interface like veth/dummy/etc that is completely
foreign to said switchdev port. The most that the switchdev port can do
is to extract the matching packets from its data path and send them to
the CPU. From there on, the software filter runs (a second time) on the
packet and performs the mirred.
It makes sense for switchdev drivers which allow this kind of "half
offloading" to sense the "skip_sw" flag of the filter/action, and deny
attempts from the user to install a filter that does not run in
software, because that simply won't work.
Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
---
include/net/flow_offload.h | 1 +
include/net/pkt_cls.h | 1 +
net/sched/cls_flower.c | 1 +
net/sched/cls_matchall.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index 292cd8f4b762..a2f688dd0447 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -692,6 +692,7 @@ struct flow_cls_offload {
struct flow_cls_common_offload common;
enum flow_cls_command command;
bool use_act_stats;
+ bool skip_sw;
unsigned long cookie;
struct flow_rule *rule;
struct flow_stats stats;
diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
index 4880b3a7aced..7b9f41f33c33 100644
--- a/include/net/pkt_cls.h
+++ b/include/net/pkt_cls.h
@@ -782,6 +782,7 @@ struct tc_cls_matchall_offload {
struct flow_rule *rule;
struct flow_stats stats;
bool use_act_stats;
+ bool skip_sw;
unsigned long cookie;
};
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index e280c27cb9f9..8f7c60805f85 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -480,6 +480,7 @@ static int fl_hw_replace_filter(struct tcf_proto *tp,
cls_flower.rule->match.mask = &f->mask->key;
cls_flower.rule->match.key = &f->mkey;
cls_flower.classid = f->res.classid;
+ cls_flower.skip_sw = skip_sw;
err = tc_setup_offload_action(&cls_flower.rule->action, &f->exts,
cls_flower.common.extack);
diff --git a/net/sched/cls_matchall.c b/net/sched/cls_matchall.c
index 9f1e62ca508d..9bd598f8a46c 100644
--- a/net/sched/cls_matchall.c
+++ b/net/sched/cls_matchall.c
@@ -98,6 +98,7 @@ static int mall_replace_hw_filter(struct tcf_proto *tp,
tc_cls_common_offload_init(&cls_mall.common, tp, head->flags, extack);
cls_mall.command = TC_CLSMATCHALL_REPLACE;
cls_mall.cookie = cookie;
+ cls_mall.skip_sw = skip_sw;
err = tc_setup_offload_action(&cls_mall.rule->action, &head->exts,
cls_mall.common.extack);
--
2.34.1
Powered by blists - more mailing lists